Vulnerabilities > Improper Authentication

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Attack vector | Complexity | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-10-09 | CVE-2018-14080 | Improper Authentication vulnerability in D-Link products | An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. | d-link | CWE-287 | network | low complexity | 7.5 |
| 2018-10-07 | CVE-2012-6710 | Improper Authentication vulnerability in Extplorer | ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. | extplorer | CWE-287 | network | low complexity | critical, 9.8 |
| 2018-10-05 | CVE-2018-15371 | Improper Authentication vulnerability in Cisco IOS XE 16.3(1) | A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. | cisco | CWE-287 | local | low complexity | 6.7 |
| 2018-10-05 | CVE-2018-0435 | Improper Authentication vulnerability in Cisco Umbrella | A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. | cisco | CWE-287 | network | low complexity | critical, 9.1 |
| 2018-10-05 | CVE-2013-7465 | Improper Authentication vulnerability in Icecoldapps Servers Ultimate 6.0.2 | Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | icecoldapps | CWE-287 | network | low complexity | critical, 9.8 |
| 2018-10-04 | CVE-2018-0505 | Improper Authentication vulnerability in multiple products | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock. | mediawiki, debian | CWE-287 | network | low complexity | 6.5 |
| 2018-10-04 | CVE-2018-12472 | Improper Authentication vulnerability in Suse Subscription Management Tool | An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. | suse | CWE-287 | network | low complexity | critical, 9.1 |
| 2018-10-03 | CVE-2018-6689 | Improper Authentication vulnerability in Mcafee Data Loss Prevention Endpoint | Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | mcafee | CWE-287 | local | low complexity | 7.8 |
| 2018-10-02 | CVE-2018-17786 | Improper Authentication vulnerability in D-Link Dir-823G Firmware | On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | d-link | CWE-287 | network | low complexity | critical, 9.8 |
| 2018-10-01 | CVE-2018-1672 | Improper Authentication vulnerability in IBM Websphere Portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. | ibm | CWE-287 | network | low complexity | 6.3 |